Test Kennung:	1.3.6.1.4.1.25623.1.0.812035
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Update for httpd RHSA-2017:2882-01
Zusammenfassung:	The remote host is missing an update for the 'httpd'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'httpd' package(s) announced via the referenced advisory. Vulnerability Insight: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798) Red Hat would like to thank Hanno Bck for reporting this issue. Affected Software/OS: httpd on Red Hat Enterprise Linux Server (v. 7) Solution: Please Install the Updated Packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-9798 BugTraq ID: 100872 http://www.securityfocus.com/bid/100872 BugTraq ID: 105598 http://www.securityfocus.com/bid/105598 Debian Security Information: DSA-3980 (Google Search) http://www.debian.org/security/2017/dsa-3980 https://www.exploit-db.com/exploits/42745/ https://security.gentoo.org/glsa/201710-32 http://openwall.com/lists/oss-security/2017/09/18/2 https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a https://github.com/hannob/optionsbleed https://security-tracker.debian.org/tracker/CVE-2017-9798 https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E RedHat Security Advisories: RHSA-2017:2882 https://access.redhat.com/errata/RHSA-2017:2882 RedHat Security Advisories: RHSA-2017:2972 https://access.redhat.com/errata/RHSA-2017:2972 RedHat Security Advisories: RHSA-2017:3018 https://access.redhat.com/errata/RHSA-2017:3018 RedHat Security Advisories: RHSA-2017:3113 https://access.redhat.com/errata/RHSA-2017:3113 RedHat Security Advisories: RHSA-2017:3114 https://access.redhat.com/errata/RHSA-2017:3114 RedHat Security Advisories: RHSA-2017:3193 https://access.redhat.com/errata/RHSA-2017:3193 RedHat Security Advisories: RHSA-2017:3194 https://access.redhat.com/errata/RHSA-2017:3194 RedHat Security Advisories: RHSA-2017:3195 https://access.redhat.com/errata/RHSA-2017:3195 RedHat Security Advisories: RHSA-2017:3239 https://access.redhat.com/errata/RHSA-2017:3239 RedHat Security Advisories: RHSA-2017:3240 https://access.redhat.com/errata/RHSA-2017:3240 RedHat Security Advisories: RHSA-2017:3475 https://access.redhat.com/errata/RHSA-2017:3475 RedHat Security Advisories: RHSA-2017:3476 https://access.redhat.com/errata/RHSA-2017:3476 RedHat Security Advisories: RHSA-2017:3477 https://access.redhat.com/errata/RHSA-2017:3477 http://www.securitytracker.com/id/1039387
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.